# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
# Copyright (c) 2014 Mozilla Corporation
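class message(object):
    """Event plugin that drops ELB health-check events.

    An event whose ``details.http_user_agent`` equals
    ``ELB-HealthChecker/1.0`` is dropped by returning ``None`` in place of
    the event; every other event is passed through unchanged.
    """

    def __init__(self):
        """Register the criteria for being passed a message.

        ``registration`` may be:
          * a dict with fieldname: None, to be sent anything with that field
          * a dict with fieldname: value, to be sent anything with that
            field/value
          * a string, to be sent anything with any field matching that
            string evaluated as a regex

        ``priority`` expresses a preference for the order in which plugins
        run: 0 goes first, 100 is assumed/default if not set.
        """
        # This plugin inspects messages for whitelisted content that should
        # be dropped and not processed any further.
        self.registration = ['ELB-HealthChecker/1.0']
        self.priority = 1

    def onMessage(self, message, metadata):
        """Decide whether an event is dropped.

        Args:
            message: the event, used here as a mapping.
            metadata: passed through untouched.

        Returns:
            ``(message, metadata)`` for events that are kept and
            ``(None, metadata)`` for events that are dropped, so every path
            hands back the same two-element shape.
        """
        # Events carrying a type other than 'auditd' are returned untouched.
        # NOTE(review): health-check requests would normally arrive as web or
        # load-balancer events; if those carry their own 'type', this gate
        # means they are never dropped. Confirm the gate is intended here.
        if 'type' in message and message['type'] != 'auditd':
            return (message, metadata)

        if 'details' not in message:
            return (message, metadata)

        # A rule that dropped auditd execve entries lacking a 'command'
        # (typically a side effect of another command, e.g. java starting a
        # job) used to sit here; it is disabled.

        details = message['details']
        # Without this guard a string 'details' turns the membership test
        # below into a substring test and the lookup into a TypeError.
        if not isinstance(details, dict):
            return (message, metadata)

        # NOTE(review): http_user_agent is supplied by the client, so any
        # request sending this exact value is removed from further
        # processing too. Pairing the match with an attribute the client
        # cannot set (such as the load balancer's source range) would keep
        # spoofed requests visible downstream.
        if details.get('http_user_agent') == 'ELB-HealthChecker/1.0':
            # Signal the drop. The original returned a bare None here, which
            # a caller unpacking two values cannot consume.
            return (None, metadata)

        return (message, metadata)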